maqxol
(Ner3ida)
1 June 2013 15:12
#1
Hello. I use Google Chrome and a very nasty virus has gotten in: Certified-Toolbar. Tell me what I should do to remove it. I checked, and I have no extensions, nor is this program listed in the Control Panel. Help.
Acorus
(Acorus)
1 June 2013 15:22
#2
Use AdwCleaner http://general-changelog-team.fr/fr/dow … adwcleaner with the Delete function (on Vista/Windows 7, right-click and run it as Administrator).
Post the OTL logs: analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html
maqxol
(Ner3ida)
1 June 2013 16:14
#3
OTL:
http://www.wklej.org/id/1054538/
Extras:
http://www.wklej.org/id/1054539/
AdwCleaner[s2]
http://www.wklej.org/id/1054553/
Using AdwCleaner seems to have helped, but it's better to make sure.
Acorus
(Acorus)
1 June 2013 16:51
#4
Uninstall Adobe Download Assistant. Run OTL and paste into the (Custom Scans/Fixes) window:
Click Run Fix. In OTL, use the CleanUp option.
In AdwCleaner, use the Delete option.
Install updates for the programs that Security Check (analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html) flags as out of date.
maqxol
(Ner3ida)
2 June 2013 08:55
#5
Thank you very much. It helped.